Document per-IP rate change

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-14 11:44:01 +01:00 · 2010-02-17 15:41:12 -08:00 · 2010-02-17 15:41:12 -08:00 · ea8a6c837f
commit ea8a6c837f
parent 00b0490cd7
2 changed files with 11 additions and 0 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -6,6 +6,8 @@ Changes in Shorewall 4.4.8

 3)  Avoid duplicate SFQ class numbers.

+4)  Fix low per-IP rate limits.
+
 Changes in Shorewall 4.4.7

 1)  Backport optimization changes from 4.5.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -206,6 +206,15 @@ Shorewall 4.4.8
             1500 limit 127 perturb 10" Failed
    Processing /etc/shorewall/stop ...

+4)  Previously, when per-IP rate limiting was specified with a low rate
+    (such as 1/hour), the effective rate was much higher (once every 10
+    seconds). The Shorewall compiler now configures the hashlimit table
+    based on the rate such that the rate is more accurately enforced.
+
+    As part of this change, a unique hash table name is assigned to
+    each rule that does not specify a table name in the rule. The
+    assigned names are of the form 'shorewallN' where N is an integer.
+
 ----------------------------------------------------------------------------
             K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------